Looking for an External Disk Encryption package (on Ubuntu, but also accepted like TrueCrypt for (somewhat) easy/universal access independent of OS).
I'm migrating an external 300GB HDD I have from TrueCrypt. Should have done it sooner since that was discontinued and basically denounced by the authors, but I never got around to it. I'm on Ubuntu 14.04, but feel comfortable enough with Guake (or a normal terminal, though I'm really fond of Guake) to install just about anything (provided if I have to compile myself, the Makefile doesn't throw up tons and tons of issues). I've done some looking around for something else to use, and dm-crypt seems to be a popular one, but it and the others like it aren't exactly centralized -- I rather cherished that TrueCrypt was/is used by lots of people, so if I need to access the data on another borrowed system, I could (ignoring the OS) use TrueCrypt (or install it if neccessary first). With dm-crypt and the other options I'm seeing, I don't see a centralized alternative. Am I just missing something? Or are most disk-encryption based packages not centralized across all the major OSes? To be clear, I'm not looking to encrypt the local disk Ubuntu is running on -- I'm just talking about an external drive where I can put the important stuff as well as some backups of things that are important, but need to be on the local HDD.
First of all, there's nothing you can do about the vote. Calling your Reps, I mean they don't give a s*t about you. We know that. Don't waste your time. They know our position already. Internet has spoken. We don't like it. We don't want this. They won't listen. Revolving door and lobbying > Internet. But you can do stuff about your privacy even if this passes
No longer recommended as they are universaly useless now. Nearly all VPNs are now being blocked by VPN provider's public IP range by a bunch of collusionary industry a-holes including but not limited to Netflix, Hulu, Amazon, Paypal, all MSM, anyone using top 5 credit card processors and ACH due to Obama era legislation and anti-citizen tomfoolery. Ask yourself: Why would a company that you login to with your credentials care if you use a VPN or not? A: they shouldn't but someone is leaning on them to block your VPN and it's the american intelligence community
Secure bitcoin storage - please help me bring my solution up to 2017 standards
Long term hodler from 2013. Still waiting for my Monarch j/k. My solution has always been; Running full node on Linux and using what was the core client in 2013 (I haven't really been up to date all the splintering factions or anything, so let me know if that's terrible) as my wallet. I update the client from the PPA (potentially also terrible without verifying each release). My wallet.dat lives in an encrypted file container created under the last known safe TrueCrypt 7.. I have not updated TrueCrypt from that version. Additionally, I'm using the wallet password in the client. Passwords for the encrypted container and wallet live in a cloud password managed secured by a master password and 2FA. I have a copy in a KeePass container in case the company goes bust or servers are down. Encrypted file container lives on multiple hard drives and multiple cloud storage locations (all with 2FA). Workflow is
Open password manager [password1 + 2FA].
Decrypt container [password2] (TrueCrypt) and mount.
Copy wallet.dat to bitcoin folder.
Open client [password3] and sync.
Close client, copy wallet.dat back to container.
Delete wallet.dat from O/S.
Unmount container, re-upload to local and cloud storage.
This was something I put together back in the day and I suspect there are betteeasier ways today. I'm not using a live install either - I wanted to be a full node and it sucks messing around with installs and the data directory each time. So yes... deleting the wallet after use is not exactly 'deleting' it to be precise, but I consider this to be the least likely attack vector. Is this a terrible setup? If so - which is the weakest link? What have I missed in the past four years? What is multi-sig? Are hardware wallets any good and what problem with my setup do they solve? Edit: formatting
Could Bitcoin be the catalyst that finally makes the typical computer user take security seriously? (Also, how to build a secure offline computer)
With all the inevitable posts from new users jumping head first into this 'magic internet currency' from malware infected systems using weak and/or duplicate passwords and no proper backups who then go on to mysteriously lose all their shiny new Bitcoin, it made me realize that money is a powerful motivator. Depending on how much is lost it will probably only take one or two instances of losing money before most people start to understand what we tech guys have been trying to tell you this entire time. While we're on the subject, I will repost for you a comment I made to the security guide (permalink here) detailing my procedure for building a secured offline system for anyone wishing to protect large (and small) amounts of Bitcoin.
Take an old computer and first epoxy the ethernet port so it is not able to go online. Remove or disconnect any WiFi and/or Bluetooth cards, and any other networking components. Disconnect and/or disable any microphones and speakers.
Install Windows completely formatting the drive in the process. Many users here will tell you to avoid Windows and use Linux but since this computer is completely offline it does not much matter. Use your preferred OS. I additionally uninstalled and/or disabled certain services critical for networking but otherwise unneeded for normal operation. It is also good to disable any other unnecessary services. Be sure to disable autoplay. Set the BIOS to not automatically boot from CD or USB. You can set up BIOS security as well but if you do, be sure document the passwords.
Install TrueCrypt and fully encrypt the system drive. All software installers and other files will need to be transferred via a thumb drive. Use an extremely strong password that you do not use elsewhere. MEMORIZE THIS PASSWORD AND WRITE IT DOWN TEMPORARILY ON A PIECE OF PAPER!!! NEVER ENTER THIS PASSWORD INTO ANY OTHER COMPUTER OR DEVICE. Let the encryption process complete 100% before proceeding. Reboot the system and test to ensure you are able to decrypt the drive and log in to the operating system.
Install Armory, KeePass, Foxit PDF, CutePDF writer, and Eraser. You may wish to install Electrum as well. You will need a printer so it may be necessary to load a driver for it as well. If possible, use a printer without network capabilities or persistent memory.
Create a KeePass file. I always secure KeePass with a key file in addition to a password. Do not use the same password for the KeePass file as you used to encrypt your drive. This password should also be memorized. DO NOT ENTER YOUR TRUECRYPT PASSWORD INTO THE KEEPASS FILE! You can however enter your windows and bios passwords if you like. I also configure KeePass to generate random 30+ character passwords using upper, lower, and numeric.
I generate my wallets in Armory. Since this computer is offline Armory does not require a great deal of resources and will not download the blockchain. Note that you will not be able to check balances from this system. I secure each wallet with a separate KeePass generated password and document these in the KeePass file. I then generate watching only wallets that I store to a folder on the offline computer and also attach them to the associated KeePass entry for ease of access. DO NOT ATTACH YOUR ACTUAL WALLET, OR ANY DIGITAL OR PAPER BACKUPS TO KEEPASS! I also create a paper backup and save this on the offline computer using CutePDF Writer as well as a digital backup of the wallet file. Since Armory creates deterministic wallets, these are the only backups you will ever need. Print the paper backups and place them into a tamper evident envelope. Keep this in a secured location such as a safe deposit box. NOTE: This can also be done using Electrum but Armory has a much better interface and multi-wallet support. The online version of Armory however does require a robust computer and a full download of the blockchain. I will use Electrum only if I expect that the specific wallet I am generating will be the only wallet monitored on an online system with limited resources.
Create a text file on the offline computer documenting the TrueCrypt password and key files, KeePass password and key files, the operating system and BIOS passwords, as well as instructions on how to access the offline computer, TrueCrypt file, KeePass file, paper wallets, key files, and any other critical information they may need. Print this out, place it in a temper evident envelope, and keep it in a second secured location available to whomever might need access to it in case of death or an emergency. Be sure you and they have access to unencrypted copies of your key files. You can now destroy the paper on which you originally wrote your TrueCrypt password.
Create a TrueCrypt file on the offline computer. For simplicity you can use the same encryption password as you did for the HDD earlier but you may also wish to add a key file. Place copies of the KeePass file, digital backups, watch only backups, and anything else you may ever need should the offline computer fail. Optionally, you can also add the paper backups and written instructions (read paragraph in italics for considerations). You can now copy the TrueCrypt file to a thumb drive and from there various other locations from where it may be reliably accessed.
You may wish to choose not to store copies of the paper backups in the TrueCrypt file. The paper backups are enough in themselves to fully restore your wallets and spend funds, therefore, if somebody does manage to open your TrueCrypt file, they would have total control over your Bitcoin. By not storing the paper backups in the TrueCrypt file, you ensure someone would need access to both the digital backups (stored in the TrueCrypt file) and the passwords (stored in KeePass) to move funds. The same holds true for the offline computer. If you do choose not to save the paper backups (or delete them using Eraser), even if somebody manages to decrypt your drive they will still need to open KeePass to spend your Bitcoin. For this to be effective however, you must be sure not to copy the instructions file you created earlier into the TrueCrypt file, or in the case of the offline computer, you should use Eraser to delete it, because it contains your KeePass password. The main disadvantage to not including these files would be if, unbeknownst to you, one of your digital wallet files were corrupt. If this were the case and for some reason you cannot access the paper backup you could lose your coins. You can test the integrity of an offline wallet without compromising security by signing a message from the offline computer using the private key then, from another computer, validating the signature against the public key. IMPORTANT: IF FOR ANY REASON THE TRUECRYPT FILE IS EVER DECRYPTED FROM A SYSTEM OTHER THAN ANOTHER OFFLINE COMPUTER OVER WHICH YOU HAVE COMPLETE CONTROL, ALL YOUR WALLETS AND ENCRYPTION KEYS SHOULD BE CONSIDERED COMPROMISED. IF THIS OCCURS, I ADVISE YOU TO REPEAT THIS ENTIRE PROCESS USING COMPLETELY DIFFERENT PASSWORDS AND TRANSFER ALL BITCOIN TO THE NEW WALLETS!!! Even though the KeePass file does contain all of your wallet passwords, since it holds neither any wallet backups nor your TrueCrypt password, even if an attacker gains access to this file your Bitcoin will be secure. Still, if you suspect the KeePass file to have been compromised you should again at the very least create new wallets using different passwords and move your coins (and don't forget to back them up again!) That is it. You can now set up a fully operational copy of Armory (or Electrum) on an online system and import your watching only wallets as well as your KeePass file. These can be copied unencrypted from the offline computer to a live system via a thumb drive. (Just be sure that you are not also copying your actual wallets, digital or paper backups, or instructions file.) This way you can track balances and receive Bitcoin. If you ever need to spend any Bitcoin, you can create the transaction from your online computer and sign it with the offline computer using a thumb drive (Armory makes this very easy). For added convenience, you can import a full digital backup of one or more of your wallets to hold smaller amounts of Bitcoin on your live system so you don't have to sign minor transactions offline. Just remember that whichever wallets you do bring online should never again be considered as secure as those kept completely offline.
Safety of open source Bitcoin wallet software/apps
Open source software are considered safe/safer because the source code can be audited/reviewed. This thread is not about the source code, but the potential risk caused by the compilation process, or in other words, the possibility that the software/apps aren't complied from the claimed source code. Here is a link about some version of TrueCrypt's Windows executable being suspicious: https://blog.cryptographyengineering.com/2013/10/14/lets-audit-truecrypt/
[T]he Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65,024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can’t be distinguished whether these are indeed random values or a second encryption of the master and XTR key with a back door password. From the analysis of the source we could preclude that this is a back door… As it can’t be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt_7.0a_Source.zip” we however can’t preclude that the binary Windows package uses the header bytes after the key for a back door.
~10 BTC lost from unencrypted Mycelium, and I don't know how (I have a theory thought)
I'm an idiot and had unencrypted mycelium wallet on my phone. Then my bitcoins disappeared to unknown address. I have no idea how I was compromised, but I have some theories. The phone couldn't be fully compromised, because I also had other unencrypted bitcoin wallet (2x idiot), and the btc weren't stolen from there. I still have the other wallet there and the coins still haven't moved. I stored the backup phrase on truecrypt partition on a linux server. In theory, the backup phrase could have been compromised, but I doubt it. 1st theory: sometime ago I installed popcorn time android app. I guess it is possible for other android apps to read the mycelium keys, if they aren't encrypted. Not sure though. Other theory: targeted, physical attack. Someone technically could have snatched the phone while I left it at table at bar or something. However I usually take quite a good care of my phone. Paranoidity level: high. Supidity level: ultra high. Any other theories?
Using Electrum and Bootable Ubuntu USB to Create a Secure Cold Storage Wallet
Here is a short guide that is hopefully newb friendly for creating a cold-storage wallet with Electrum. All you will need is at least one USB flash drive with at least 2 GB of free space, your PC, and pen & paper.
The first step is to create a bootable Ubuntu flash drive. Ubuntu is a free open source Linux distribution that is very newb friendly, don't be intimidated. Assuming you are a Windows user just follow, these directions on how to make a bootable Ubuntu USB drive.
You will need The Universal USB Installer, as well as the Ubuntu .iso image file. Choose the 32 bit version to be safe. Download both, plug in your USB flash drive, and launch the installer. Select Ubuntu in Step 1 in the installer. Then in Step 2 browse and locate the Ubuntu .iso image file you downloaded. Then in Step 3 select the drive you have inserted, as well as click the box to format the drive and erase contents. Do NOT set a persistence as this will reduce the security. Then click create and wait for it to finish.
Once done creating your Ubuntu bootable drive, you will shut down your computer. Then with the USB stick plugged in you will boot the computer up. The computer should boot into the Ubuntu stick instead of your regular hard drive. If it failes to do so, then when booting press F4 or other command to enter BIOS menu. Then go to boot order options and change the boot priority so that it boots to an external/usb device first before the main hard drive.
Once booted into Ubuntu, make sure to click "try ubuntu". You are only trying it out on the USB, and not installing it onto your main hard drive. The reason for using the bootable drive is everything exists in memory and mostly disappears when you shut down Ubuntu.
Once booted, you can connect your internet connection to download Electrum. Go to the software center on the left side bar, it looks like an orange shopping bag. Search for "electrum" and then download and install Electrum. After this its very important to DISCONNECT the internet and NEVER turn it back on until you shut down Ubuntu.
(It would be more ideal to install electrum in a complete cold environment, but I have heard that could cause some problems with Electrum at this time and it is best to install it while connected to the internet. But if you want true cold storage you must have zero internet connection at the time of creating the wallet. Since we are disconnecting before Electrum creates the seed, we should be good.)
Once the internet is disconnected, then go ahead and launch Electrum. Choose the option of creating a new wallet, and write down the seed phrase on paper. Also record some of your public addresses. Also you can enlarge electrum to the entire screen then click on "wallet" on the top left, then click "Master Public Key", and you can copy the Master Public Key which will allow you to reconstruct all of your addresses for that seed. The Master Public Key can also be used to create a watch only wallet in Electrum, just choose "watch only option" when creating the wallet and when prompted enter your Master Public Key.
At this point you are done, just shut down Ubuntu to make sure the evidence of the seed is erased. Then you can send Bitcoins to your cold storage wallet. You have effectively created a very secure cold storage wallet, in my opinion. To restore the cold wallet, just launch electrum and choose "restore wallet" option, type in your seed, and voila you have a hot wallet ready to spend again. Extra:Using Truecrypt Encryption Bonus tutorial is if you would prefer to save your seed on another USB or digital device. It is not recommended to do this, unless the seed in encrypted. Even then I would only leave it on a USB and not plug it into any hot device just to be safe. I would recommend Truecrypt although its possible the NSA has hacked Truecrypt, so use at your own risk.
To install truecrypt on Ubuntu, I have found this seems to be the best method using the PPA by Stefan Sundin. Open a terminal and execute the following commands:
Hit enter after each command. If it asks permission, press y. Sometimes I had problems getting commands to work in the past. For some reason first installing flash from the software center fixes the problem, but I have no idea why.
Once installed then just type "truecrypt" in the terminal and press enter, and truecrypt will launch. Then go ahead and click the create volume button. Choose create an encrypted file container and click next. Click Standard Truecrypt volume and click next. Then select a name and location for your file and click next. Then I usually choose AES-TwoFish-Serpent encryption algorithm and RIPEMD-160, then click next.
Choose a size for the file, probably 5 MB is enough, but by all means choose more if you want to hold more files. Click next and make sure to choose a SECURE password for the file. If you don't pick a good enough password it will be brute forced easily. Use numbers, letters, capitals, lowercase, symbols, and make it long as possible. Try to have it something you can memorize if possible. Then click next. Then format it as FAT, and click next. Move your mouse around for entropy and then click Format, and your truecrypt container has been created.
Then click exit, and go back into truecrypt's interface. Click the first slot in the rows, and then click "select file" underneath. Choose the file container you just created. Then click mount and type your password to mount the container. Once mounted you have access to the container and can drop files inside, and access the contents as well. Once done, dismount the file, and save it where appropriate.
I think this is a decent easy to follow tutorial. Hopefully this can help some newbies out, if I made any mistakes please feel free to correct me. Edit: Sorry formatting sucks.
PSA don't keep your coins in an exchange. Follow this simple 22 step process to create a secure, offline prison wallet
First log into your VPN then open a TOR session to browse to overstock where you will purchase a single purpose laptop with bitcoin. Once you have the laptop you'll want to install mycelium, coliseum, elysium, truecrypt, Linux, and unix. Take the laptop to your Faraday cage and boot up. You'll create a wallet file in this environment. Afterwards you'll want to remove the disc drive from the laptop and place it into a latex bag which should be vacuum sealed. This is then inserted into a body cavity for secure storage.
A n00b vents: barrier to entry of bitcoin, the implications for general uptake, and the future
Being mindful of the general truism whereby you forget how hard something was to begin with once you get setup into the pattern of efficient minimal usage, it felt like a good time to vent, slash get the opinions of the community. The problem: once someone has been titillated enough by the prospects of bitcoin, they'll then try to get into it. How many will fail? Let's be honest, on a quite-nerdy website, we're probably relatively a lot nerdier, so should arguably be finding these things very easy if we hope that the general populace will be adopting, no? My experiences:
Downloaded a popular bitcoin wallet for linux. Unexpectedly had to run my machine for a week to download the blockchain. Huge papercut.
Strongly recommended to fully encrypt machine & adopt vastly improved security policies (tor, truecrypt, etc), in line with post-snowden recommendations (i.e. not bitcoin specific, per se). There's a shit-ton to read (papercut), and loads to do for this (papercut), taking hours of boring time in my spare time (papercut) and requiring many changed practices (papercut).
I did some free bitcoin taps then gave up. No idea where that account is now (papercut) & don't know if it can be accessed without doing the whole downloaded wallet again (papercut). Lost bitcoins probably worth about 10c, I guess. Technically now everyone's richer. You're welcome.
Trying again, months later. Decided to use BIPS as an eWallet needs less total encryption security AND they also do wire transfer with BIC & IBAN. Downloaded & ran Tor again. Spent 2 hours going through the account setup process (papercuts abound): they don't tell people what's required beforehand so you're constantly booted out while looking for bank details, utility bills & government photo ID documents in digital format, printing verification keys and downloading google authentications apps. Again, as per my first point, you only do this once... but how many people will hit a few of these frustrating hurdles and just say "fuck this, i'm out"? They also have a problem on their page whereby you can't select the currency you want to convert to bitcoin from - not bitcoin community's fault & I emailed BIPS about it, but another papercut.
MY OVERALL POINT There's loads of evangelism going on in bitcoin, which is great (not sarcasm), but I wonder to what extent part A (getting people interested) is being undermined by part B (people being able to get onboard)? Is there a step by step guide, or flow diagram, for how people should get onboard once they've decided they want to? This and this is good, but maybe should be expanded to include the security one should have and a stepwise guide to get there, plus what to expect/prepare when signing up to the wallet sites? TLDR: technical papercuts barrier uptake to bitcoin, thus working against the promotional work of the community. How can these be reduced? Have they been improving with time?
A helpful discussion about wallet security (esp. Electrum)
I was recently contacted via private message by a redditor who read a comment of mine about wallet storage (I assume this comment). I think there was quite a bit of useful information in it for other bitcoin beginners, so I am reposting it here in full (with permission). The redditor in question wanted to remain anonymous though. I hope this is of use to some of you here! From: Anonymous Redditor
I saw your post regarding your wallet storage and had a few noob questions if you don't mind. My plan is similar to yours but I was unsure whether to use armory or electrum (electrum's seed creation scares me a bit). You mentioned you have a bootable LINUX (ubuntu?) USB stick that you keep your wallet on....do you only boot this onto an always offline computer? Do you use something like Truecrypt to further protect your wallet.dats? Thanks for your time!
My plan is similar to yours but I was unsure whether to use armory or electrum (electrum's seed creation scares me a bit).
For me it is the other way around. Armory (and bitcoin-qt) scare me. Armory is just a wallet. It still needs bitcoin-qt running in the background. For me the problem is two-fold: 1) Size bitcoin-qt (and armory) need to download the entire blockchain. That 13+ GB that takes hours to download and days to verify. And if you ever lose it, you need to do it again. 2) Random keys armory and bitcoin-qt generate random private keys. You get 100. If you use a few (you use them when you send coins for example) then new ones are created. So, if you create an armory wallet and make a backup, that backup will have 100 keys. Then, if you make 33(!) transactions, your 100 keys are used up and you will have 100 different random keys. If someone then steals your computer (or your house burns down) then you cannot use your backup anymore. It only has the 100 old keys and none of the new keys. So you have lost all your bitcoins. Why 33 transactions and not 100? Because of change addresses. If you have 10 BTC and send me 2 BTC then most wallets will create 2 transactions. 2 BTC from your old addres to me, and 8 BTC from your old address to a new (random) address. This process costs 3 private keys. 2 keys for the transactions and 1 key to create a new address. This means that after every few dozen transactions you need to refresh your backup so it has the newer keys. For me that is impractical. It means that I need to keep my backup close by because I often need it. Electrum does not have this problem. The seed solves this. Private keys are not random but are created from the seed. If you have the seed then you have, by definition, all the private keys you will ever need. Your backup can never be out-of-date. This is easy for me. I save the seed in a file, encrypt it, put it on an USB stick and give copies to a few family members who have safes in their homes. If my computer is ever stolen, or my house burns down, I can go to a family member, decrypt the seed file and use the seed to restore my electrum wallet. Even if that USB stick is 10 years old.
You mentioned you have a bootable LINUX (ubuntu?) USB stick that you keep your wallet on....do you only boot this onto an always offline computer?
It depends on how secure you want to be. For maximum security, keep the computer always offline. But if you want to spend the bitcoins from your wallet, you will need to be online. I use the USB stick for my savings account. It only receives coins and I do not send. So I do not need to boot up my USB stick. I have created a second wallet on blockchain.info that I use for day-to-day transactions. All BTC I receive goes to my blockchain account. Then I transfer a part of that to my savings account and only keep a bit of change that I need in the blockchain account.
Do you use something like Truecrypt to further protect your wallet.dats?
No. Electrum does not have a wallet.dat. It has the seed. I simply copy the seed to a TXT file and encrypt it using GPG and symmetric encryption. Example:
Make sure you use a password that is strong and that you cannot forget! If you need to write the password down on paper and your house burns down, then you cannot decrypt the seed anymore!
From: Anonymous Redditor
Forgive the naivety here: Correct me if I'm wrong - The safest way to generate your wallet seed is on an offline computer correct? So, theoretically, generate the seed on an offline-only computer, copy to txt...encrypt. back up on multiple USB's. Then on your online computer, load electrum and import Seed? Thanks so much for the thorough explanation! I'm a potato when it comes to reddit's bitcoin tip bot. Send me an address - would like to send some internet magic money your way.
The safest way to generate your wallet seed is on an offline computer correct? So, theoretically, generate the seed on an offline-only computer, copy to txt...encrypt. back up on multiple USB's. Then on your online computer, load electrum and import Seed?
Not quite. The risk with an online computer is malware and people breaking in. If you generate the seed on an offline computer and then move it to an online computer, you don't really take that risk away. You still have your wallet on an online computer which you use for day-to-day work and which is exposed to hackers and malware. I suggest you make two wallets. One wallet is your "savings" wallet. You can use the USB stick Linux for this. Generate the wallet offline, backup and encrypt the seed onto multiple USB sticks and note down the bitcoin address somewhere so you can transfer funds to it. The only time you should use the USB stick to go online is when you want to transfer funds out of your savings wallet. The, on your normal computer (or your smartphone if you prefer), create a second wallet using a different password. This is the wallet you keep only a little money in for your day-to-day transactions. Note down the seen, encrypt (with a different password than you used to encrypt the seed from your savings wallet) and add it to the USB keys. You can use Electrun for this second wallet as well, but you can also use something different. I use a blockchain.info wallet for my day-to-day expenses. Whenever you have a larger amount of bitcoins in your day-to-day wallet, transfer some to the wallet on the USB stick. You don't need to boot up the USB stick for this. You only need the address you wrote down. When you want to spend a large amount of money, boot up from the USB stick and transfer coins from your savings wallet to your day-to-day wallet. Reboot into your normal computer and use the day-to-day wallet to pay for what you wanted to buy. The core of the issue is simple: Don't store a lot of money in a wallet on a computer that you use a lot. Computers that are used a lot get attacked a lot. Simple :-)
Thanks so much for the thorough explanation! I'm a potato when it comes to reddit's bitcoin tip bot. Send me an address - would like to send some internet magic money your way.
That is very kind! My address is: 1PAXiscvKoGRJ5XxMZvri3CMNeKYYb8wMQ
From: Anonymous Redditor
You are awesome:) Thank you again for the insight! Sent some your way.
I don't know. You would be better off asking this on www.ubuntuforums.org for example. I don't know if that computer's hardware is compatible with Ubuntu. Speed-wise the bottleneck will be the USB stick and not the CPU or memory. USB sticks are much slower than hard drives. Note that you don't have to buy a computer for this. You can use the computer you already have and still run Ubuntu off an USB stick for your Electrum wallet. What I said in my previous post about not using your day-to-day computer for your wallet, with that I mean the operating system and software. Not the hardware. Unless you're afraid someone put a hardware keylogger inside your computer :-)
From: Anonymous Redditor
Fascinating! My tin foil hat is in full effect:) Thanks again for your time and patience.
Your welcome. Have fun with bitcoin! Oh, I have a question for you now. Would you mind if I repost our entire private conversation here to /BitcoinBeginners? I think other redditors there would also be interested. And if I can repost it, do you want your username in there or should I replace it with "Anonymous Redditor" or something?
From: Anonymous Redditor
You can certainly repost it! And yes, if you wouldn't mind removing the username I would very much appreciate it. Thanks for asking btw!
Anyway, I hope this is useful for some people out here.
The Three Legged Stool of safe storage. I've given a lot of thought about how I can safely store my Bitcoins. I want to share my method in the hope others may find this helpful and any discussion could also help me. I'm not intending this as a beginners guide to cold storage, plenty already exist. But people, both new and familiar with cold storage, can benefit from the applications and ideas I'm suggesting here. The Three Legged Stool, what's this about? There are just three ways to unintentionally lose your coins: Leg 1, They can be stolen Leg 2, They can be physically lost Leg 3, You can forget how to access them The snag is that anything done to improve security to one Leg tends to increase the risk of loss caused by being out of balance with the other two Legs. For example, to protect your coins against Leg 1 (being stolen) you may hide the coins private key in a password protected container somewhere in your house. My point is that you have reduced the risk of Leg 1 (getting them stolen) but at the same time increased the risk of Leg 2 (physically lost) and Leg 3 (forget the password). This is especially true with long term storage. Equally, not using a password protects against Leg 3 but increases the risks from Leg 1 and is of no help against Leg 2. The objective is a balanced stool, keeping your coins safe and also always available for spending. How it can be done: My preferred method is using Paper Wallets with BIP38 encryption. With secure passwords, these are so safe you can keep multiple copies of the same wallet all over the place. Keep copies at work, at home, at your parents house and even carry the private key QR code with your phone in case you want to spend a chunk of Bitcoins unexpectedly. Brute force attacks on BIP38 wallets are so slow, I can't think it's possible to crack a strong password of let's say 10 random letters, numbers and symbols. So this is total protection against Leg 1 and Leg 2 but forget that password Leg 3.... and your coins are gone forever! Here's the clever bit. So how can you guarantee never to forget that complex wallet password? Yes! There's an App for that, "Infinite Password Generator" (IPG) is truly brilliant. https://play.google.com/store/apps/details?id=yuku.infinitepassgen.app The only permission this App has is to access Google Play payment services so I don't think it can give any secrets back to the developer. Install this app and make backups of the APK, save backups on several devices in case it's ever removed from Google Play. If you change your phone you will want to be able to install IPG from your APK backups and it's best not to update this App. If you do update it then always check it is generating the same passwords using the procedure explained below. IPG generates complex passwords by combining your own "Master Password" with a Keyword. As an example, your Master Password must be something you can NEVER forget like the house number and road name you lived in as a child. The Keyword is a unique identifier for this Paper Wallet, maybe a name and incrementing sequence number like wallet3. IPG combines these two fields to generate a secure repeatable password you can use as the input to the BIP38 encryption. IPG let's you save its configuration settings and you need to do this: Fill in the Master Password, put your name in the Keyword field, press Show and select the type and length of BIP38 password you want then press Copy (to the clipboard). Now, paste the generated password over the Personal notes (optional) field. Next, delete the Master Password field and Save, then exit IPG. Open IPG and Load your saved file, fill in Master Password then Copy/paste the generated password under the original copy of the password and if you did this all correctly you will have generated exactly the same password, confirming you put in the Master Password correctly. Now change the Keyword field to your chosen Wallet Identifier, let's use my example above wallet3 and this will generate the required unique password for that BIP38 Paper Wallet you're about to make. I would write 3 as a hint on all copies of this Paper Wallet to make sure I don't forget the full Keyword. The next Paper Wallet I generate being wallet4, marked 4. Also I paste a copy of the IPG generated password into a Truecrypt encrypted container as a last chance disaster recovery. Final steps to use IPG safely. You must close this App correctly otherwise it stays a while in memory containing all your secret information. Then you need to clear the clipboard of the wallet password and I've been using an App called Clipboard Autoclear+ to do this. https://play.google.com/store/apps/details?id=de.tactilesoftworks.clipboardsentinel I've used two Paper Wallet generators, my favorite is https://www.bitaddress.org but it's a bit cumbersome to produce multiple copies of the same wallet. I also like https://bitcoinpaperwallet.com because they can produce Testnet Wallets which is a coin identical to Bitcoin but uses valueless coins purely to be for testing purposes. Google Testnet Wallets for more info. Spending from your Paper Wallet is easier to do than explain and I started by using the Blockchain.info Android App. But this has let me down with an error message "insufficient funds" and I see many complaints about this problem. I wrote to Blockchain.info about it but got no reply. Since then I moved to Mycelium Wallet https://play.google.com/store/apps/details?id=com.mycelium.wallet and have had no problems with this. Also they do a Testnet version of Mycelium which is incredibly useful. In Mycelium you just scan your Paper Wallets public address to watch how many Bitcoins there are in them. When you want to spend from the Paper Wallet, first run IPG, load the file and fill in the passwords then copy the Paper Wallet password to the clipboard. During the Send transaction Mycelium will ask to scan the wallet Private Key, it then asks for the BIP38 password which you can paste in from IPG and the amount of Bitcoin to send and off it goes. A couple of important points to consider if you're not spending the full amount from the Paper Wallet. Once your private key has been used like this you really should send the remaining Bitcoins the next Paper Wallet in the sequence called, using my example, wallet4. That's because once a private key has been used or exposed to an online device, it's no longer safe to consider it as cold storage. If you don't spend all the coins on your Paper Wallet it's likely you will get back change and you must be sure the Wallet App you're using supports this or your change will disappear as a donation to the mining community. Mycelium and Blockchain.info Wallets automatically look after sending your change back to the Paper Wallet's corresponding public address. OTHER APPS MIGHT NOT DO THIS SO BE CAREFUL. Generating Paper Wallets should be done on an offline device such as an old Android phone factory reset and only used for this purpose or a bootable Linux USB. In conclusion this approach overcomes my doubts about my ability to remember long term secure passwords, possibly years after I made them up, because I shouldn't forget the Master Password as it's something so personal to me and the Keyword is almost attached to the Paper Wallet. Leg 3 is dealt with and Legs 2 and 3 now take care of themselves. I do hope some of you find these ideas helpful. The developer of IPG Yukuku does not make any provision for donations and I would happily make a donation for this excellent App that is also available for Windows. Disclaimer, these ideas are for your consideration and debate only. I take no responsibility whatsoever for any losses that may arise however they are incurred. I have absolutely no connection or financial interest in any of the applications I have referred to here.
Some questions about the blockchain, wallet.dat, and Truecrypt on Windows
1) Do I need to download the entire blockchain before I can send bitcoins from the official bitcoin client, even if blockexplorer.com says my address has received them? The blockchain is taking a long time for my client to download and my balance is unchanged. (On getblockchain.com, the blockchain is currently 475MB compressed and 1.42GiB uncompressed, although the site is more targeted to linux users.) 2) After following the Bitcoin wiki regarding Truecrypt, if I launch bitcoin.exe with the -datadir option pointing to a Truecrypt container file that contains wallet.dat, does the ever-growing blockchain also have to be in that container file? Can I point the client to one location for the blockchain and another location for the wallet file? 3) Can I leave the blockchain in its normal directory and do I just need to copy wallet.dat out of the Truecrypt container file when I need it? (Or decompress it with 7-zip or decrypt it with GPG4win?) Wouldn't it then be vulnerable to trojans like Infostealer.Coinbit or the metasploit module bitcoin_jacker.rb? 4) Will the plaintext wallet issue be obsolete by version 0.4.0.0 of the official client? And will a headers-only client make it so every user doesn't have to download a neverending blockchain?
Is there a BIP38 equivalent to encrypt my Electrum seed?
Hey guys and gals, Just put some BTC into Electrum to test it out. I plan to use it as cold storage for as long as client side bitcoin wallets are the best method for storing bitcoins. I generated the Electrum wallet on a USB live linux, and imported the master public key onto my online computer. I then wrote the seed down on paper for now. I plan to burn the paper later. So the question I have is: Is there a way to encrypt my electrum seed so that I can safely upload it into the cloud so that I don't have to worry about storing it phyiscally? I heard things of TrueCrypt etc but today is the first day I have used the program. Still new to it, so i'd like any opinions possible, thanks.
Hello all, I'm new to Reddit but have been following this subreddit for a little over a week. I thoroughly enjoy the information that everyone has contributed. With that being said, I am very excited to join the bitcoin community. I have a small transaction to start off with pending at coinbase. My concern is that I have taken such drastic steps to secure my offline wallet that I will be a burden to recover it in the event that I lose the original data file. Here are the steps that I have taken. Installed linux on an offline machine. Logical volume of offline machine is encrypted. Strong user password. Home directory where wallet.dat is stored is also encrypted. Armory wallet encrypted. Armory wallet digital backup stored in Truecrypt file container on new USB flash drive. Flash drive to be placed in safety deposit box. Am I just being paranoid or is this overkill? I was also thinking of keeping another copy of the USB flash drive in a fireproof safe at home.
[Security] I worked on my BTC security last night. How did I do?
I am getting to the point now where I have a substantial amount of BTC (not massively life changing, but it has turned into more than I have in fiat, which I have accepted and I am ok with.) I wanted to secure these coins for long term safe-keeping, and I have a few questions for you very smart folks.
Would you diversify your coins into multiple security methods, or are you comfortable with using 1 method that you know and trust for all of your coins?
Please pick apart the process I used below to secure my coins:
This was all done on the same computer with the exception of using another computer to add a public key to blockchain.info
Downloaded Ubuntu to a (previously used) flash drive.
Downloaded Bitaddress HTML file and added that to flash drive.
Downloaded Truecrypt Linux package and added that to flash drive.
Downloaded Linux recommended software to properly write ISO to flash drive so it is bootable and used it.
Unplugged network cable/ disabled wireless
Restarted computer and booted from flash drive, running Linux live without installing to partition
Disabled auto-run from USB in Linux settings
Plugged in external hard drive where I plan to store my encrypted volume containing keys
Installed Truecrypt and created a new volume on the external hard drive using a password that exceeds 30 characters and has never been used before online.
Ran Bitaddress HTML file and generated a 'single wallet'
Printed this wallet to PDF using Linux built in tool, saved PDF containing keys directly to now mounted true-crypt volume.
on my Online Laptop, I added the public key to blockchain account by manually typing it in as 'Watch Only'
Dismount truecrypt volume
Switch back to main operating system, reconnect internet, and upload truecrypt volume to google drive (with 2FA enabled).
Now two copies exist, physical and digital.
Proceeded to send Bitcoin to public address.
How did I do? I am a bit nervous about having all of my eggs in one basket.
So with everything going on (mt gox and others), I'm thinking of doing a cold storage of all my coins. Here is what I was thinking.. First get a copy of Knoppix or a linux distro and make a live CD. Run it on my laptop. Download and install all the QT wallets (bitcoin, litecoin and dogecoin). Let them sync up. I have a address. I will make a transfer to it and test to make sure it goes thru. When it does, I will make a large transfer from my other wallets into it and create my "piggy bank". I will then make a truecrypt drive and place the wallet.dat into it (by the file ->backup wallet setting). Then I will copy this onto a USB drive. I will also keep a copy on dropbox. Since it's encrypted there's n access to the wallet.dat Next, I will do a dumpprivkey for each of the public keys to get the private keys. with that, I will make a QR Code and paste it on a piece of paper with the Public key. Then I got a physical paper in addition to the usb drive which I can keep locked away. Hopefully since I backed up using the qt wallets, I shouldn't have any transaction limits. Thoughts? I've been reading a bit about the transaction limits. Do those apply only when I was to send the coins out? Is there a limit on receiving? For instance, could I say weekly send money to the "piggy bank"? What exactly is the key pool? I'm seeing notes that it is per transaction. Others are per wallet.
Security Question and Answer: How secure is my Bitcoin wallet?
I thought I'd make a thread where the less savvy bitcoiners can describe how they store their bitcoins, and the experts among us can weigh in their opinions on how secure our situation is. I'll start. I have a dedcated brand new linux laptop with multibit installed onto a truecrypted usb flash drive. The USB drive is never used on any other machine. My wallet is also encrypted. The laptop stays offline until I run mulitbit, and I go back offline after transactions are done. I do not use the browser. I have backed up the usb drives onto 2 other usb drives that I store in separate locations.
I have a 16GB thumb drive and want to fool around with making a very secure live OS. Install linux mint as main OS and have a second persistant partition for saving GPG keys and other sensitive files. Have VM installed, one with Tails and one with another linux mint. The linux mint VM will not allow any type of internet access. The linux mint VM would house programs such as GPG and a bitcoin wallet. The main OS will have a bitcoin wallet for every day use. I would like to have this fully encrypted maybe via truecrypt - I have been reading that it is not possible to do a full encrypted usb, but the information i was reading was from years ago. Is this still true? Any suggestions on the feasibility of any of this? I am new to all of this. Thanks.
So with everything going on (mt gox and others), I'm thinking of doing a cold storage of all my coins. Here is what I was thinking.. First get a copy of Knoppix or a linux distro and make a live CD. Run it on my laptop. Download and install all the QT wallets (bitcoin, litecoin and dogecoin). Let them sync up. I have a address. I will make a transfer to it and test to make sure it goes thru. When it does, I will make a large transfer from my other wallets into it and create my "piggy bank". I will then make a truecrypt drive and place the wallet.dat into it (by the file ->backup wallet setting). Then I will copy this onto a USB drive. I will also keep a copy on dropbox. Since it's encrypted there's n access to the wallet.dat Next, I will do a dumpprivkey for each of the public keys to get the private keys. with that, I will make a QR Code and paste it on a piece of paper with the Public key. Then I got a physical paper in addition to the usb drive which I can keep locked away. Hopefully since I backed up using the qt wallets, I shouldn't have any transaction limits. Thoughts? I've been reading a bit about the transaction limits. Do those apply only when I was to send the coins out? Is there a limit on receiving? For instance, could I say weekly send money to the "piggy bank"?
So I've got an incredibly small amount of BTC that I've scraped from bitcoinget.com for testing and learning purposes, which I sent to a wallet that I generated from bitaddress.org. I want to eventually keep larger amounts of BTC on a freshly-installed Linux distro on a perpetually-offline netbook. While I do have access to a second, online computer, it doesn't have the hardware resources to run the Armory client, or even the full Bitcoin-QT client with it's large multi-GB blockchain download. Furthermore, that computer is at my workplace - I have complete administrative control over the machine, however the network admins here block the necessary port (8333), presumably to keep people from using our server rooms for mining.
I am going to download the TrueCrypt binary and use it to encrypt the address/private-key pairs I get from the hypothetical offline bitaddress.org generator. Of course I will make backups of these encrypted files onto other media.
My difficulty comes when I want to spend the bitcoin, or send it to a new address. I understand that when you sign a transaction you expose the public key, and that the private key can conceivably be deduced from that. I understand that when you initiate a transaction from a given address, you should throw away that source address so that its remaining contents cannot be compromised.
So my question is, given the contraints described above, how do I go about coming up with a workable, secure method for using BTC? If I have an address with 1 BTC, and I want to send, say .53756 BTC to a new address, what tools should I go about using to sign/send the transaction? What about the remaining fraction of BTC in the original address? Is there some easy tool or way to break up the BTC contained in one address across multiple others, that is workable with my constraints? E.g. "send .53756 to address A and send the remainder in that wallet to address B"?
After following the Bitcoin wiki regarding Truecrypt, if I launch bitcoin.exe with the -datadir option pointing to a Truecrypt container file that contains wallet.dat, does the ever-growing blockchain also have to be in that container file? Can I point the client to one location for the blockchain and another location for the wallet file? There is a small shell script that automates the whole process of 1) decrypting wallet 2) launching Bitcoin 3) encrypting the wallet afterwards and cleaning up the unencrypted bits. bitcoin-launch-script. CCrypt Description . CCrypt is a linux command-line utility by Peter Selinger that replaces the Unix crypt command. Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever. The wallet contains a pool of queued keys. By default there are 100 keys in the key pool. The size of ... Linux. Bitcoin sollte einen versteckten Ordner im Home-Verzeichnis des ausführenden Benutzers erstellen. ~/.bitcoin/ Sollte es sich nicht dort befinden, kann man es evtl. durch find / -name wallet.dat -print 2>/dev/null. finden. Oder als Root updatedb. gefolgt von locate wallet.dat. Die handlichste Backup-Methode unter Linux ist vermutlich, die wallet.dat auf eine bzw. mehrere dafür ... Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever. The wallet contains a pool of queued keys. By default there are 100 keys in the key pool. The size of ...
How To Install And Enable Bitcoin Core Wallet On Linux
The Bitcoin OX Wallet supports Bitcoin (BTC),... Skip navigation Sign in. Search. Loading... Close. This video is unavailable. ... TrueCrypt - Full access to xpub, xpriv, seed , addresses - Only ... How to install Bitcoin Core wallet in any Linux distribution - Duration: 4:28. teklordz 30,115 views. 4:28. How to install the QT Wallet - GNU/Linux Version - Ubuntu 16.04 - Duration: 8:11. ... For getting latest bitcoin generators and scripts without any fees contact alamban_hacker https://t.me/alamban_hacker This video is about a simple way to hac... There are many different Bitcoin wallets for Linux, but one of the best wallets available to use is Bitcoin Core. One of the main reasons to go with it is that it’s from Bitcoin officially, so ... Bitcoin using Linux boot USB and secondary for a cold storage wallet ... Electrum on Puppy Linux - Offline Bitcoin Wallet on USB - Duration: 6:52. Vedran 2,321 views. 6:52. How to Create a Bitcoin ...